

SPECIFICATION 



HOST COMPUTER, MOBILE COMMUNICATION APPARATUS, PROGRAM AND 



TECHNICAL FIELD 

The present invention relates to a host computer, a mobile 
communication apparatus, a program and a storage medium for the 
use of authentication system for supplying various kinds of 
commodities and services. 

BACKGROUND ART 

At present, the supply of various kinds of commodities 
including services via a communication line such as the supply 
of Internet contents and the transactions at Internet Malls is 
rapidly spreading, and the terminals used for them widely range 
from the personal computer to the mobile communication apparatus 
and various kinds of household electrical appliances. In other 
words, there is a possibility that in future almost all the 
electronic equipment, service equipment and other equipment will 
be provided with a function to purchase chargeable commodities 
via the communication line. 

Further, with spread of financial services such as credit 
card business and the like, billing forms are diversified and 
utility for the consumer is enhanced. These financial services 
are fused together with the mobile communication apparatus and 
expected to further enhance utility . On the other hand, however, 
there arises a problem that debit cards are forged or robbed. 

In view of the above described circumstances, the 
importance of authenticating customers who purchased the 
commodities is further increased. Nevertheless, if a 
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complicated operation for authentication is required every time 
the equipment is used, utility will be hindered. 

The present invention has been made in view of the above 
background and it is an object of the present invention to provide 
an authentication system and a host computer, a mobile 
communication apparatus, a program and a storage medium for the 
authentication system capable of realizing an adequate 
authenticating processing while assuring the maximum utility 
of the user when various kinds of commodities and services are 
provided. 

DISCLOSURE OF THE INVENTION 

In order to achieve the above described object, the host 
computer according to the present invention comprises: 

first receiving means for receiving the collation 
information for requesting an authentication of the person 
himself from service equipment; 

second transmitting means for transmitting a request 
information for requesting the information regarding the 
authentication to the mobile communication apparatus in response 
to the reception of the collation information by the first 
receiving means; 

second storage means for storing the information regarding 
the authentication of a plurality of persons; 

second receiving means for receiving the information 
regarding the authentication from the above described mobile 
communication apparatus; 

collating means for collating the information regarding 
the authentication received by the second receiving means with 
the information regarding the authentication stored in the above 
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described second storage means; and 

first transmitting means for transmitting the 
authentication information which authenticates the person 
himself according to the collation result by collating means 
to the above described service equipment. 

Further, the information regarding the above described 
authentication is the ID information of the user or the personal 
attributes of the user. 

Further, the above described first receiving means 
receives the information regarding the services provided by the 
service equipment, and 

the host computer further comprises authentication 
selection means for selecting an authentication level according 
to the information regarding the services. 

Further, the above described authentication selection 
means collates a past service provided history with the services 
to be provided at present and selects the authentication level 
based on the result of that collation. 

Further, the above described authentication selection 
means selects an authentication level based on at least any one 
of costs of services, service providing areas, service provided 
frequency and a total sum of money for the services provided. 

Further, in order to achieve the above described object, 
the mobile communication apparatus according to the present 
invention comprises : 

third receiving means for receiving the request 
information for requesting the information regarding the 
authentication from the host computer; 

first storage means for storing the information regarding 
the authentication; and 
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third transmitting means for transmitting the information 
regarding the authentication stored in the first storage means 
to the above described host computer in response to the reception 
of the request information by the above described third receiving 
means. 

Further, the mobile communication apparatus comprises 
fourth transmitting means for transmitting the information 
regarding the authentication to the service equipment. 

Further, the above described third transmitting means 
selectively transmits the information regarding the type of 
authentication requested by the above described request 
information to the above described host computer. 

Further, the function of the mobile communication 
apparatus according to the present invention can be also realized 
by allowing the computer to execute a program and such a program 
can be mounted on a storage medium capable of being read by the 
computer . 

The authentication method by using the host computer and 
the mobile communication apparatus according to the present 
invention (hereinafter, referred to as the authentication method 
according to the present invention) is based on both of the 
communications between the first communication terminal 
incorporated in the service equipment and the host computer and 
between the host computer and the mobile communication apparatus 
(the second communication terminal) . In this way, the 
reliability of the authentication can be enhanced. In this 
way, when various kinds of commodities and services are provided, 
the maximum utility can be guaranteed for the customer and an 
adequate authentication processing can be realized. 

Further, in the authentication method according to the 
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present invention, in the case of the communication between the 
host computer and the mobile communication apparatus (the second 
communication terminal) , the user may be asked about the 
information regarding the user's ID (identification 
information) or the personal attributes of the user and, based 
on the answer thereto, the authentication may be performed. 

Further, in the service equipment according to the present 
invention, a card reader for reading the information from the 
storage medium where the user's ID information is stored is 
further provided, and the service equipment can read the ID 
information of the storage medium. The authentication method 
according to the present invention is such that the first 
communication terminal transmits the ID information read by the 
card reader to the host computer and the host computer notifies 
the mobile communication apparatus (the second communication 
terminal) of the ID information based on this information and 
confirms the response of the mobile communication apparatus (the 
second communication terminal) for this. In this way, by 
utilizing the conventional storage medium, utility and 
reliability can be enhanced. 

Further, in the authentication method according to the 
present invention, further in the case of the communication 
between the host computer and the mobile communication apparatus 
(the second communication terminal) , the identifiable 
communication information between the first communication 
terminal and the mobile communication apparatus (the second 
communication terminal) is notified to the mobile communication 
apparatus and this information is confirmed by being collated 
with the information necessary for authenticating a 
communication history, a control transfer history and the like 
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and, based on this confirmation result, the authentication is 
performed. In this way, the reliability of authentication can 
be enhanced much more. 

Further, in the authentication method according to the 
present invention, a plurality of authentication levels and a 
control transfer permission condition according to each 
authentication level are stored in advance in the second storage 
means of the host computer or the third storage means of the 
service equipment so that, when the user desires the 
authentication of the person himself, an authentication level 
can be selected according to the object of the authentication. 
In other words, the authentication level can be selected by 
collating the past service provided history with the services 
to be provided at present. 

Further, in the authentication method according to the 
present invention, when the object of the authentication is to 
purchase commodities, the commodities are collated with the 
amount of money for the commodities and the past commodity 
purchasing history and the authentication level is selected, 
based on the result of the collation. In this way, utility 
can be enhanced. 

Further, in the present invention, the host computer may 
automatically analyze a tendency of commodity purchasing of the 
user and collate the analyzing result with the commodities. 

Further, in the authentication method according to the 
present invention, when the object of the authentication is to 
purchase the commodities, the authentication level can be 
selected based on at least any one of cost of services, service 
providing areas, service provided frequency and a total sum of 
money for the services provided. In this way, utility can be 
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enhanced. 

Further, in the present invention, the service equipment 
is the equipment capable of providing the commodities to the 
user and may provide the commodities by confirming a billing 
processing for the user after the authentication of the user 
has been performed. 

Further, in the authentication method according to the 
present invention, the first communication terminal and the host 
computer are connected by the mobile communication line, and 
the host computer and the mobile communication apparatus (the 
second communication terminal) are connected by the mobile 
communication line. In this way, the degree of freedom of the 
place and the like for installing the first communication 
terminal is enhanced. 

Further, in the authentication method according to the 
present invention, the first communication terminal and the host 
computer are connected by a fixed line, and the host computer 
and themobile communication apparatus (the second communication 
terminal) are connected by the mobile communication line. In 
this way, the reliability of the communication of the first 
communication terminal is enhanced. 

Further, in the authentication method according to the 
present invention, when a line condition is not good between 
the mobile communication apparatus (the second communication 
terminal) and the host computer, the communication which should 
be performed between the mobile communication apparatus (the 
second communication terminal) and the host computer can be 
executed between the first communication terminal and the host 
computer. In this way, a line trouble can be easily handled. 

The present specification contains the contents described 
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in the specification and/or the drawings of Japanese Patent 
Application No. 2000-193957 which is a base of the priority of 
the present patent application. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram showing a constitution of a first 
embodiment of an authentication system according to the present 
invention; 

FIG. 2 is a block diagram showing the constitution of a 
second embodiment of the authentication system according to the 
present invention; 

FIG. 3 is a block diagram showing the constitution of a 
third embodiment of the authentication system according to the 
present invention; 

FIG. 4 is a block diagram showing the constitution of a 
fourth embodiment of the authentication system according to the 
present invention; 

FIG. 5 is a view showing modified embodiments of the 
constitutions of the first and second communication terminals 
in the authentication system of FIG. 3; 

FIG. 6 is a flowchart showing a processing flow of the whole 
authentication system according to the present invention; and 

FIG. 7 is a flowchart showing the flow of the correction 
of the authentication level in the authentication system 
according to the present invention. 

BEST MODE FOR CARRYING OUT THE INVENTION 

Next, the embodiments of the authentication system 
constituted by using a host computer, a mobile communication 
apparatus, a program and a storage medium according to the present 
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invention (hereinafter , referred to as authentication system 
according to the present invention) will be described based on 
the drawings. 

FIG-1 shows a constitution of a first embodiment of the 
authentication system according to the present invention, and 
shows the authentication system having a card reader system CRS 
for reading a storage medium CC for storing the ID information 
of users of a credit card and the like. The card reader system 
CRS (service equipment) is connected to a card reader CR and 
the first communication terminal PD1 (here for mobile 
communication) of a built-in type (embedding type) is 
incorporated into the card reader system CRS . Through the first 
communication terminal PD1, the user (customer) can communicate 
with a host computer HC of an authentication management company 
BS. The authentication management company BS is, for example, 
a communication service company and performs the authentication 
management for a plurality of commodity providing companies SP1 
to SP3 (three companies are shown in the drawing, but its number 
is random) according to commodity purchasing situations in the 
card reader system CRS (service equipment) . The commodity 
providing companies SP1 to SP3 include not only the service 
providing companies which provide the services such as credit 
services, cash services and the like but also the commodity 
providing companies which provide various commodities as shown 
in Table 1 via the Internet and, further, include financial 
institutions, security companies, real estate companies, 
satellite broadcasting, CATV, newspapers, radio broadcasting, 
companies relating to mass communication such as publishing and 
the like. 

Here, for convenience sake, processing units of the 



9 



± a a :;/ o 5 a ::i „ o s ,1 yio £ 



commodity providing companies SP1 to SP3 are also designated 
as SP1 to SP3. These processing units SP1 to SP3 are connected 
to a host computer HC of the authentication management company 
BS via a public communication line or dedicated line. 



Table 1. Examples of provided commodities 



PROVIDED COMMODITIES 


INTERNET 
CONTENTS 


INFORMATION PROVIDING SERVICES FOR COMMODITY 
INFORMATION, COMPANY INFORMATION AND OTHER 
INFORMATION 


MUSIC DISTRIBUTION SERVICES 


BOOK DISTRIBUTION SERVICES 


GAME DISTRIBUTION SERVICES 


SERVICES FOR PROVIDING IMAGE INFORMATION SUCH 
AS PHOTO, PAINTING AND THE LIKE 


INTERNET MALL, 
SHOP CHANNEL 


VARIOUS KINDS OF COMMODITIES, 
MONEY VOUCHER 


FINANCE 


INTERNET BANKING 


SECURITIES 


BROKERAGE OF SECURITIES DEALING 


REAL ESTATE 


BROKERAGE OF REAL ESTATE DEALING 


MASS 

COMMUNICATION 


SATELLITE BROADCASTING, CATV 


NEWSPAPERS , PUBLICATION 


RADIO 



The host computer HC comprises: the first receiving means for 
receiving the collation information for requesting an 
authentication of the person himself from the service equipment; 
the second transmitting means for transmitting the request 
information for requesting the information regarding the 
authentication to the mobile communication apparatus PD2 (the 
second communication terminal, here a portable telephone) in 
response to the reception of the collation information by the 
first receiving means; the second storage means MEM 2 for storing 
the information regarding the authentication of a plurality of 
persons; the second receivingmeans for receiving the information 
regarding the authentication from the mobile communication 
apparatus (the second communication terminal); the collation 
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means for collating the information regarding the authentication 
rece ived by the second receiving means with the information 
regarding the authentication stored in the second storage means 
MEM 2; and the first transmitting means for transmitting the 
authentication information for authenticating the person 
himself to the service equipment according to the collation 
result by the collation means. 

Further, the mobile communication apparatus (the second 
communication terminal) PD2 comprises : the third receiving means 
for receiving the request information for requesting the 
information regarding the authentication from the host computer 
HC; the first storage means MEM 1 for storing the information 
regarding the authentication; and the third transmitting means 
for transmitting the information regarding the authentication 
stored in the first storage means MEM 1 to the host computer 
HC in response to the reception of the request information by 
the third receiving means. 

Next, the authentication method using the host computer 
HC and the mobile communication apparatus (the second 
communication terminal) PD2 will be described. 

First, from the first communication terminal PD1 of the 
service equipment (card reader system) CRS to the host computer 
HC, the collation information for requesting the authentication 
of the person himself is transmitted. 

When the host computer HC receives the collation 
information for requesting the authentication of the person 
himself from the first communication terminal PD1 through the 
first receiving means, it transmits the request information for 
requesting the information regarding the authentication to the 
mobile communication apparatus (the second communication 
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terminal) PD2 through the second transmitting means in response 
to the reception of the collation information by the first 
transmitting means. 

When the mobile communication apparatus (the second 
communication terminal) PD2 receives the request information 
for requesting the information regarding the authentication from 
the host computer HC through the third receiving means, it 
transmits the information regarding the authentication stored 
in the first storage means MEM1 to the host computer HC through 
the third transmitting means in response to the reception of 
the request information by the third receiving means. 

When the host computer HC receives the information 
regarding the authentication from the mobile communication 
apparatus (the second communication terminal) PD2 through the 
second receiving means, it collates the information regarding 
the authentication received by the second receiving means with 
the information regarding the authentication stored in the second 
storage means MEM2 by using the collation means, and transmits 
the authentication information for authenticating the person 
himself to the first communication terminal PD1 of the service 
equipment (card reader system) CRS through the first transmitting 
means according to the collation result. 

On the occasion of executing an authentication procedure 
as to whether the use of storage medium CC is justified or not, 
a signature by the user is required heretofore. In the present 
embodiment, in order to reduce the burden on the part of the 
user and speed up the authentication processing, when the usage 
of the CC storage medium as the collation information is 
communicated to the host computer HC from the card reader system 
CRS, the host computer HC of the authentication management 
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company BS communicates with the second communication terminal 
PD2 (mobile communication apparatus, portable telephone) owned 
by the user and requests the information regarding the 
authentication . 

The second communication terminal PD2 is provided with 
the storage means MEM1 for storing the ID information of users, 
and, in response to the request from the host computer HC, the 
ID information of the user (the information regarding the 
authentication) is read from the first storage means MEM1 and 
transferred to the host computer HC. When the host computer 
HC receives the ID information of the user from PD2, it collates 
the ID information with the information regarding the 
authentication stored in the second storage means MEM2 by using 
the collation means. If the use of the storage medium CC is 
legitimate, the authentication of the person himself is 
established and, in this way, the reliability of the 
authentication is enhanced. 

Alternatively, the host computer HC accumulates the 
information regarding the personal attributes of the user in 
the second storing means MEM2 in advance and asks a question 
regarding the personal attributes of the user to the second 
communication terminal PD2 . When the user operates the second 
communication terminal PD2 and answers the question to the host 
computer HC and the answer (information regarding the personal 
attributes) is legitimate, the host computer HC can confirm that 
the use of the storage medium CC by the user is legitimate. 
Further, the second communication terminal PD2 can selectively 
transmit the information regarding the type of the authentication 
requested by the request information from the host computer HC 
to the host computer HC. 
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For the user who is skilled in operating the second 
communication terminal (portable telephone) PD2, the 
authentication processing by using the second communication 
terminal PD2 is extremely simple in contrast to the entry of 
a sign. Further, the reliability of the authentication can 
be remarkably enhanced by the confirmation of the second 
communication terminal PD2 in addition to the ID information 
of the storage medium CC. 

When the authentication of the person himself is completed 
in the host computer HC, the authentication information is 
transmitted to the first communication terminal PD1 from the 
host computer HC. The notification of this authentication is 
executed by transmitting a predetermined authentication code 
and the like. 

Further, the mobile communication apparatus (the second 
communication terminal) PD2 comprises the fourth transmitting 
means for transmitting the information regarding the 
authentication to the service equipment and, by adding the 
communication between the first communication terminal PD1 and 
the second communication terminal PD2 to the conditions of the 
authentication, the utility and reliability of authentication 
can be enhanced much more. For example, the ID information 
of the user and other information are transmitted from the second 
communication terminal PD2 to the first communication terminal 
PD1, and the first communication terminal PD1 transmits these 
pieces of information sent from the second communication terminal 
PD2 together with the ID information of the storage medium CC 
to the host computer HC. The host computer HC is provided with 
the second storage means MEM2, and the second storage means MEM2 
stores a corresponding relation (any information regarding the 
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communication history or the control transfer history of each 
user who uses the card reader system CRS) between the ID 
information of the user and the second communication terminal 
PD2 of the user, and, based on this corresponding relation, the 
host computer HC transmits the ID information of the above 
described storage medium CC and the information regarding the 
corresponding relation to the second communication terminal PD2 . 
The second communication terminal PD2 collates these pieces of 
information transmitted from the host computer HC with the 
communication history, the control transfer history and the like 
stored in the first storage portion MEM1 of the second 
communication terminal PD2 and, when these pieces of information 
match one another, a reply to that effect is given to the host 
computer HC. 

As described above, in the present embodiments, though 
various kinds of authentication procedures can be used, by 
determining a reference for selecting the authentication 
procedure according to the object of the authentication, the 
optimum utility and reliability can be realized. For example, 
when the object of the authentication is to purchase the 
commodities, the authentication level can be set by the price 
thereof as shown in Table 2, and the authentication procedure 
for this can be set as shown by Table 3. 
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Table 2. Examples of the authentication levels 

Authentication Level 1 

In case: the price of the commodity is equal to or less than 
a first predetermined value. The first predetermined value is, 

for example, ¥5, 000. 

Authentication Level 2 

In case: the price of the commodity is more than the first 
predetermined value and is equal to or less than a second 
predetermined value. The second predetermined value is, for 

example, ¥10, 000. 

Authentication Level 3 

In case: the price of the commodity is more than the second 
predetermined value. 



Table 3. Examples of control transfer permissions; 

Authentication Level 1 

It is unconditionally authenticated, provided that an ex post 
facto confirmation should be made to the second communication 

terminal . 

Authentication Level 2 

Authentication management company BS makes a prior confirmation 
about the commodity purchase to the second communication terminal 

PD2. 

Authentication Level 3 

Authentication management company BS makes a prior confirmation 
about the commodity purchase to the first communication terminal 
PD1 and the second communication terminal PD2 . 



In other words, when the price of the commodity is equal 
to or less than the first predetermined value, the authentication 
level 1 is adapted and it is unconditionally authenticated. 
However, a prior confirmation is executed to the second 
communication terminal PD2 . When the price of the commodity 
is more than the first predetermined value and is equal to or 
less than the second predetermined value, the authentication 
level 2 is adopted, and the authentication management company 
BS makes a prior confirmation about the purchase of the commodity 
to the second communication terminal PD2 . When the price of 
the commodity is more than the second predetermined value, the 
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authentication level 3 is adopted, and the authentication 
management company BS makes a prior confirmation about the 
purchase of the commodity to the first communication terminal 
PD1 and the second communication terminal PD2 . 

The first receiving means of the host computer HC is 
provided with authentication selection means for receiving 
information regarding the services provided from the service 
equipment and selecting the authentication level according to 
the information regarding the services, so that the 
authentication procedure can be changed according to the 
authentication level. In other words, when the host computer 
HC which stores the authentication levels and the authentication 
procedure in the second storage means MEM2 receives the 
information regarding the collation information for requesting 
the authentication of the person himself and the information 
regarding the services from the first communication terminal 
PD1 through the first receiving means, the host computer HC 
selects the collation levels according to the information 
regarding the services with reference to the second storage means 
MEM2 by using the authentication selection means. After that, 
in order to perform the authentication procedure based on the 
authentication level, the host computer HC either transmits the 
request information for requesting the information regarding 
the authentication to the mobile communication apparatus (the 
second communication terminal) through the second transmitting 
means for the purpose of a prior confirmation or performs an 
ex post facto confirmation. In the case that the prior 
confirmation is performed, the host computer HC transmits the 
authentication information to perform the authentication of the 
person himself according to the collation result to the first 
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communication terminal PD1 of the service equipment (card reader 
system) CRS through the first transmitting means. 

When the authentication by the host computer HC is not 
necessar y similarly to the processing of the authentication level 
1, the authentication levels and the authentication procedure 
are stored in the third storage means MEM3 of the first 
communication terminal PD1, so that the first communication 
terminal PD1, that is, the card reader system CRS (service 
equipment ) can provide the commodity to the user without awaiting 
reception of an authentication code from the host computer HC 
if it is confirmed that the price of the commodity is equal to 
or less than the first predetermined value. However, an ex post 
facto confirmation should be made to the second communication 
terminal and, after the facto, the commodity providing company 
SP should be notified to that effect via the host computer HC. 

FIG. 2 shows a second embodiment which uses the first 
communication terminal Tl of a fixed line in place of the first 
communication terminal PD1 (for mobile communication) in the 
first embodiment. The first communication terminal Tl is 
incorporated into the card reader systemCRS ( service equipment ) . 
Other constitutive components are same as those of the first 
embodiment and the description thereof will be therefore omitted . 
By the above described constitution, even if the line condition 
of the mobile communication in the installed location of the 
service equipment is not good, the authentication system of the 
present invention can be adapted. 

When the first communication terminal Tl of the fixed line 
is used, the authentication procedure by the communication 
between the second communication terminal PD2 and the host 
computer HC can be also executed by the communication between 
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the first communication terminal Tl and the host computer HC. 
This is effective in the case that the line of the second 
communication terminal is in a bad condition. 

FIG. 3 shows a third embodiment for the authentication in 
the television set TV (service equipment) which can be connected 
to the Internet. The first communication terminal PD1 (here 
for the mobile communication) of the built-in type (embedded 
type) is incorporated into the television set TV, which can 
communicate with the authentication management company BS via 
the first communication terminal PDl . 

The owner or the manager of the service equipment TV can 
make an access to a variety of commodity providing companies 
by a predetermined authentication procedure by using the first 
communication terminal PDl. By using a dynamic image display 
function or a distributing function of the television set TV, 
a limit to tradable commodities is reduced and economic 
activities become remarkably brisk. 

Further, if the television set TV can be used by many and 
unspecified customers, a wider range of customers' needs can 
be tackled, and economic activities can become remarkably brisk. 
However, in this case, it is necessary to perform an adequate 
billing for the customer who uses the television set TV (service 
equipment) , and there is such a risk that the authentication 
and the billing procedure for each customer become complicated. 

Further, in the present embodiment, when the billing for 
the purchase of the commodities is owed by each customer, a 
"control transfer mode" which transfers the control regarding 
the billing to the customer's side can be set up. When the 
"control transfer mode" is set up, aplurality of customers settle 
their payment after the completion of authentication of the 
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person himself, so that it is impossible for the owner or the 
manager of the service equipment to be charged with the fee. 

The customer (not shown) calls up the first communication 
terminal PDl (used by a plurality of customers) from the second 
communication terminal PD2 (mobile communication apparatus, 
here portable telephone) which is owned by himself, and inputs 
a predetermined code (number, reference numeral and the like) , 
so that the service equipment TV can be used for the purpose 
of the billing for the customer. In this way, if the customer 
is guaranteed to be a legitimate customer by the authentication 
of the second communication terminal PD2, a customer 
authentication is possible such that the second communication 
terminal PD2 itself is taken as the ID information, and an adequate 
billing can be performed. 

Further, the operation of the customer authentication is 
relatively simple and does not damage utility. 

On this occasion, the information regarding the billing 
is transmitted from the first communication terminal PDl to the 
host computer HC of the authentication management company BS . 

Accordingly, regardless of the "control transfer mode" being 
utilized or not, the information regarding the billing may be 
transmitted together with the information regarding the 
authentication, and it is not necessary to change the 
transmission form of billing information on the service equipment 
TV. 

When a predetermined "condition" is satisfied, the 
authentication management company BS permits the supply of the 
commodities by confirming the billing processing for the customer. 
The authentication level and condition are same as those of the 
above described preferred embodiment. 
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Although the authentication levels of Table 2 are set up 
only by the prices of the commodities, as shown in Table 4, it 
can be corrected based on the commodity purchase history from 
the second communication terminal PD2 . 



Table 4. Example of corrections of authentication levels. 

Authentication Level not modified 

(1) In case: The commodity purchase history of the second 
communication terminal PD2 recorded in the authentication 
management company BS is less than a predetermined value. The 
predetermined value is set by comprehensively judging the number 
of purchase times and the purchase amount of money. 

(2) In case: The commodity purchase history of the second 
communication terminal PD2 recorded in the first communication 
terminal PDl is less than a predetermined value. The 
predetermined value is set by comprehensively determining the 
number of purchases and the amount of purchases, similarly to 

(1) . 

Authentication Level lowered by 1. 

(1) In case: The commodity purchase history of the second 
community terminal PD2 recorded in the authenticationmanagement 
company BS is more than a predetermined value. 

(2) In case: The commodity purchase history of the second 
communication terminal PD2 recorded in the first communication 
terminal PDl is more than a predetermined value. 



In the estimation of the purchase history in Table 4, on 
condition that the purchase amount of money is adequately used, 
a comprehensive estimation is made, for example, assuming that 
the purchase amount of money ¥100, 000 is taken as a predetermined 
value of the purchase history, even if the purchase amount of 
money is less than ¥10 0 , 000 , ten times of the purchases are changed 
into the purchase of ¥10, 000 and added to the purchase history. 

Further, the authentication level can be selected by 
collating the past service providing history with the services 
to be provided at present or the authentication level can be 
selected based on at least any one of the cost of services, service 
providing areas, service provided frequency and the total sum 
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of money for the services provided. 

As described above, by adequately simplifying the 
authentication procedure according to the authentication level, 
the utility of service equipment regarding the commodity 
provision can be remarkably enhanced. 

It is also possible to use other parameters, for example, 
the area of the first communication terminal, the first 
communication terminal itself, the kind of the commodity and 
the like for setting and correcting the authentication levels. 

Further, in the host computer HC, it is also possible to 
automatically analyze the tendency of the purchased commodities 
of the user to lower the authentication level for the purchase 
of the commodities complying with the analyzed result and raise 
(to be strict with) the authentication level regarding the 
purchase of the commodities different from the past tendency. 

FIG. 4 shows a fourth embodiment which uses the first 
communication terminal Tl of the fixed line in place of the first 
communication terminal PD1 (for the mobile communication) in 
the third embodiment. Other constitutive components are same 
as those of the third embodiment and description thereof will 
be therefore omitted. By the above described constitution, 
even if the line condition of the mobile communication in the 
location of the service equipment TV installed is not good, the 
authentication system of the present invention can be adapted. 
Such a constitution can be also adapted that the service equipment 
TV is taken as the first communication terminal Tl and a telephone 
set TV (Tl) of the fixed line is used. 

FIG. 5 shows a modified embodiment which uses the first 
communication terminal (for the mobile communication) PD1 and 
the second mobile communication terminal (mobile communication 
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apparatus, portable telephone) PD2 in a third embodiment. 
Label tags TGI, TG2 are incorporated into the first and second 
mobile communication terminals PDl, PD2 respectively and send 
intrinsic signals of the first and second communication terminals 
PD1, PD2. The signals of label tags TGI, TG2 are received 
respectively by the antennas of the first and second 
communication terminals PDl, PD2 and, when both are detected 
by each other, the service equipment TV transmits the billing 
information as the billing for the second communication terminal 
PD2 to the authentication management company BS . In other words, 
the first and second communication terminals PDl, PD2 operate 
as non-contact sensors and detect electrical indexes emitted 
by label tags TGI, TG2 . By PDl , PD2 being automatically detected 
by each other in this way, it is not necessary to perform a 
complicated operation such as calling up the first communication 
terminal PDl from the second communication terminal PD2 and 
inputting the code. 

Needless to mention, radio communications by BLUETOOTH 
standards can be adopted in place of the communications by label 
tags. Further, the authentication management company BS may 
be the same as the commodity providing company and, in this case, 
the authentication system can be simplified. 

FIG. 6 is a flowchart showing one example of the flow of 
the whole authentication system based on the control transfer 
request . Here, the correction of the authentication level shown 
in Table 4 is not performed, and a processing which adopts only 
the conditions of Table 2, Table 3 is shown. 

First, by the operation that the second communication 
terminal PD2 calls up the first communication terminal PDl and 
the like, it is determined whether a request for the control 



23 



;I I j G y 3 J **,2 JL , O 8 A <9 O fi 



transfer is made or not (step S41) and, when the request is not 
made, the process is finished. 

When the request for the control transfer is made, the 
request contents from the second communication terminal PD2, 
that is, the commodities desired to be purchased, the prices 
thereof and the like, and the information regarding the 
authentication such as the ID information regarding the billing 
of the customer and the like are transmitted to the authentication 
management company BS (step S42) . In the first communication 
terminal, based on Table 2 and Table 3, it is determined from 
the commodity prices whether or not the prices are of the low 
level which does not require an approval from the authentication 
management company BS . If the approval is not required, the 
commodities are immediately provided (step S45) . If the 
approval is required, the commodities are provided (step S45) 
when the approval from the authentication management company 
BS is granted (step S44). When the approval is not granted, 
a notification to the effect that the approval is not granted 
is notified to the second communication terminal PD2 (step S46) . 

After the commodities are provided, it is determined 
whether an ex post facto confirmation is required or not (step 
S47) based on the Authentication level 1 in Table 3. When the 
expost facto confirmation is required, the information regarding 
the purchase of the commodities and the like is transmitted from 
the authentication management company BS to the second 
communication terminal PD2 and the like (step S48) . 

FIG, 7 is a flowchart showing the flow of the processing 
of the authentication system which performs the correction of 
the authentication levels shown in Table 4. 

First, by the operation that the second communication 
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terminal PD2 calls up the first communication terminal PD1 and 
the like, it is determined whether a request for the control 
transfer is made or not (step S51) . When the request is not 
made, the process is finished. 

When the request for the control transfer is made, a 
tentative judgment of the authentication level is made from the 
prices of the commodities desired to be purchased based on Table 
2 (step S52) . Here, the request contents from the second 
communication terminal PD2, that is, the commodities desired 
to be purchased, the prices thereof, and the information 
regarding the authentication such as the ID information regarding 
the billing of the customer and the like are transmitted to the 
authentication management company BS (stepS53). Next, in the 
first communication terminal, it is determined from the commodity 
prices whether or not the commodities are of the low level which 
does not require the approval of the authentication management 
company BS. If the approval is not required, the commodities 
are immediately provided (step S58) . When the approval is 
required, it is determined whether the correction of the 
authentication level is required or not based on Table 4 in the 
authentication management company BS. When the correction is 
required, the process returns to step S54 after the correction 
of the authentication level and, when the correction is not 
required or becomes unnecessary because of the correction of 
the authentication level, the process advances to the judgment 
(step S57) as to whether the authentication is approved or not 
in the authentication management company BS. 

When the approval is granted in step S57, the commodities 
are provided (step S58) and, when the approval is not granted, 
the second communication terminal PD2 is notified of the approval 
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rejected (step S59) - 

After the commodities are provided, as in the 
authentication level3, it is determined whether an ex post facto 
confirmation is required or not (step S60) . When the ex post 
facto confirmation is required, the information regarding the 
purchase of the commodities and the like is transmitted from 
the authentication management company BS to the second 
communication terminal PD2 (step S61) . 

Needless to say, the control transfer regarding the billing 
can foe adapted to any service equipment using any communication 
terminals other than the television set TV. 

The mobile communication apparatus of the present 
invention is also realized by a program that allows a computer 
to function as the present mobile communication apparatus. 
This program may be housed in a storage medium capable of being 
read by a computer. 

The storage medium which stores this program may be the 
first storage means MEM1 itself shown in FIG.l, or CD-ROM and 
the like, wherein a program reading unit such as CD-ROM drive 
and the like as an external storage unit is provided, and CD-ROM 
can be read by being inserted into it. 

Further, the above described storage medium may be a 
magnetic tape, a cassette tape, a floppy disc, a hard disc, 
MO/MD/DVD and the like or a semiconductor memory. 

INDUSTRIAL APPLICABILITY 

According to the present invention, an authentication 
system, a host computer, a mobile communication apparatus, a 
program and a storage medium for the use of the authentication 
system are provided capable of guaranteeing the optimum utility 
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for the customer and realizing an adequate authentication 
processing when various kinds of commodities and services are 
provided. 
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